It is the application’s responsibility to ensure that all whitespace and
metacharacters are quoted appropriately to avoid shell injection
vulnerabilities. The shlex.quote() function can be used to properly
escape whitespace and shell metacharacters in strings that are going to be
used to construct shell commands.

Create a subprocess from one or more string arguments (character strings or
bytes strings encoded to the filesystem encoding), where the first string
specifies the program to execute, and the remaining strings specify the
program’s arguments. (Thus, together the string arguments form the
sys.argv value of the program, assuming it is a Python script.) This is
similar to the standard library subprocess.Popen class called with
shell=False and the list of strings passed as the first argument;
however, where Popen takes a single argument which is
list of strings, subprocess_exec() takes multiple string arguments.

stdin: Either a file-like object representing the pipe to be connected
to the subprocess’s standard input stream using
connect_write_pipe(), or the constant
subprocess.PIPE (the default). By default a new pipe will be
created and connected.

stdout: Either a file-like object representing the pipe to be connected
to the subprocess’s standard output stream using
connect_read_pipe(), or the constant
subprocess.PIPE (the default). By default a new pipe will be
created and connected.

stderr: Either a file-like object representing the pipe to be connected
to the subprocess’s standard error stream using
connect_read_pipe(), or one of the constants
subprocess.PIPE (the default) or subprocess.STDOUT.
By default a new pipe will be created and connected. When
subprocess.STDOUT is specified, the subprocess’s standard error
stream will be connected to the same pipe as the standard output stream.

All other keyword arguments are passed to subprocess.Popen
without interpretation, except for bufsize, universal_newlines and
shell, which should not be specified at all.

Create a subprocess from cmd, which is a character string or a bytes
string encoded to the filesystem encoding,
using the platform’s “shell” syntax. This is similar to the standard library
subprocess.Popen class called with shell=True.

It is the application’s responsibility to ensure that all whitespace and
metacharacters are quoted appropriately to avoid shell injection
vulnerabilities. The shlex.quote() function can be used to properly
escape whitespace and shell metacharacters in strings that are going to be
used to construct shell commands.

This will deadlock when using stdout=PIPE or stderr=PIPE and
the child process generates enough output to a pipe such that it
blocks waiting for the OS pipe buffer to accept more data. Use the
communicate() method when using pipes to avoid that.

Interact with process: Send data to stdin. Read data from stdout and
stderr, until end-of-file is reached. Wait for process to terminate.
The optional input argument should be data to be sent to the child
process, or None, if no data should be sent to the child. The type
of input must be bytes.

If a BrokenPipeError or ConnectionResetError exception is
raised when writing input into stdin, the exception is ignored. It
occurs when the process exits before all data are written into stdin.

Note that if you want to send data to the process’s stdin, you need to
create the Process object with stdin=PIPE. Similarly, to get anything
other than None in the result tuple, you need to give stdout=PIPE
and/or stderr=PIPE too.

Example of a subprocess protocol using to get the output of a subprocess and to
wait for the subprocess exit. The subprocess is created by the
BaseEventLoop.subprocess_exec() method:

importasyncioimportsysclassDateProtocol(asyncio.SubprocessProtocol):def__init__(self,exit_future):self.exit_future=exit_futureself.output=bytearray()defpipe_data_received(self,fd,data):self.output.extend(data)defprocess_exited(self):self.exit_future.set_result(True)@asyncio.coroutinedefget_date(loop):code='import datetime; print(datetime.datetime.now())'exit_future=asyncio.Future(loop=loop)# Create the subprocess controlled by the protocol DateProtocol,# redirect the standard output into a pipecreate=loop.subprocess_exec(lambda:DateProtocol(exit_future),sys.executable,'-c',code,stdin=None,stderr=None)transport,protocol=yield fromcreate# Wait for the subprocess exit using the process_exited() method# of the protocolyield fromexit_future# Close the stdout pipetransport.close()# Read the output which was collected by the pipe_data_received()# method of the protocoldata=bytes(protocol.output)returndata.decode('ascii').rstrip()ifsys.platform=="win32":loop=asyncio.ProactorEventLoop()asyncio.set_event_loop(loop)else:loop=asyncio.get_event_loop()date=loop.run_until_complete(get_date(loop))print("Current date: %s"%date)loop.close()

importasyncio.subprocessimportsys@asyncio.coroutinedefget_date():code='import datetime; print(datetime.datetime.now())'# Create the subprocess, redirect the standard output into a pipecreate=asyncio.create_subprocess_exec(sys.executable,'-c',code,stdout=asyncio.subprocess.PIPE)proc=yield fromcreate# Read one line of outputdata=yield fromproc.stdout.readline()line=data.decode('ascii').rstrip()# Wait for the subprocess exityield fromproc.wait()returnlineifsys.platform=="win32":loop=asyncio.ProactorEventLoop()asyncio.set_event_loop(loop)else:loop=asyncio.get_event_loop()date=loop.run_until_complete(get_date())print("Current date: %s"%date)loop.close()